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IN THE CLAIMS; 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS: 



1 1. (original) A gateway for mobile access, comprising: 

2 a foreign agent that receives user profile data and session state data from a home 

3 authentication, authorization and accounting (AAA) system of a mobile node; 

4 at least one dynamic packet filter that performs multi-layer filtering based on the 

5 user profile data; 

6 wherein the foreign agent transfers a session from a first network to a second 

7 network without session interruption, using the session state data, when the mobile node 

8 moves from the first network to the second network, and 

9 the foreign agent uses the dynamic packet filter to permit Internet access by the 

10 mobile node without passing Intemet data requested by the mobile node through a 

1 1 network in which the home AAA system is located. 

1 2. (original) The gateway of claim 1, ftirther comprising a MAC-address- 

2 based filter which blocks packets except for authentication packets that are used to 

3 authenticate mobile nodes. 

1 3. (original) The gateway of claim 1, wherein the dynamic packet filter 

2 performs network layer filtering and one of the group consisting of transport layer 

3 filtering and application layer filtering. 

1 4. (original) The gateway of claim 1, fijrther comprising a non-volatile 

2 storage device in which the user profile data are stored. 

1 5. (original) The gateway of claim 1, wherein the non- volatile storage device 

2 has a database that stores state information for each active user session. 
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1 6. (original) The gateway of claim 1, wherein the gateway is coupled to at 

2 least one access point, and the gateway transmits from a AAA server in the gateway to 

3 the access point an identification of whether a mobile node in communication with the 

4 access point is successfully authenticated by the AAA server. 

1 7. (original) The gateway of claim 1, wherein the gateway exchanges AAA 

2 data with the home AAA system of the mobile node by way of the Intemet, and the 

3 gateway provides Intemet access to the mobile node without passing Intemet data 

4 requested by the mobile node through the network of the home AAA system. 

1 8. (original) The gateway of claim 7, wherein the gateway relays remote 

2 authentication dial-in user service packets to the home AAA server. 

1 9. (original) The gateway of claim 1, wherein the gateway has a foreign 

2 agent that communicates with the home AAA system of the mobile node, and the foreign 

3 agent is capable of operating in a relay mode, in which the foreign agent forwards 

4 packets to the home AAA of the mobile IP node for authentication, or in a standalone 

5 mode, in which authentication computations for the simple IP mobile node are performed 

6 in the gateway. 

1 10. (original) The gateway of claim 1, the user profile data include per-user 

2 policies dynamically obtained from the home AAA server of the mobile node and the 

3 gateway fiirther the dynamic packet filter is included in a firewall that uses packet 

4 filtering rules that depend on the per-user policies. 

1 11. (original) The gateway of claim 10, wherein the firewall includes rules 

2 that check a media access control address associated with each received packet. 

1 12. (original) The gateway of claim 1, further comprising an 802.11 access 

2 point contained within or attached to a housing of the gateway. 
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1 13. (original) The gateway of claim 1, further comprising a wireless modem 

2 contained within or attached to a housing of the gateway. 

1 14. (original) The gateway of claim 1, further comprising: 

2 an 802.1 1 access point contained within or attached to a housing of the gateway; 

3 and 

4 a wireless modem contained within or attached to a housing of the gateway. 

1 15. (original) A gateway for mobile access, comprising: 

2 a foreign agent that receives user profile data from a home authentication, 

3 authorization and accounting (AAA) system of a client, when the client establishes a 

4 session with the gateway; 

5 a dynamic packet filter that performs multi-layer filtering based on the user 

6 profile data; 

7 an access point contained within or attached to a housing of the gateway, for 

8 communication between the gateway and the client; and 

9 a wireless modem contained within or attached to a housing of the gateway, 

10 wherein the gateway is mobile, and the modem permits wireless conraiunication between 

1 1 the gateway and a wireless network. 

1 16 (original). The gateway of claim 15, wherein the gateway provides 

2 Intemet access to the client without passing Internet data requested by the client through 

3 a network containing the home AAA system of the client. 

1 17. (previously presented) The gateway of claim 15, wherein the foreign agent 

2 is capable of obtaining a new IP address when the gateway moves from a first network to 

3 a second network. 

1 18. (original) The gateway of claim 16, wherein, the foreign agent is capable 

2 of advertising the new IP address to the client. 
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19. (original) The gateway of claim 15, wherein the dynamic packet filter 
performs network layer filtering and one of the group consisting of transport layer 
filtering and application layer filtering. 



1 20. (original) The gateway of claim 15, further comprising a non- volatile 

2 storage device that stores the session state data, and means for transmitting the stored 

3 session state data to the client if the client loses a connection with the gateway and 

4 resumes the connection with the gateway. 



21. (canceled) 

22. (canceled) 

23. (canceled) 

24. (canceled) 

25. (canceled) 

26. (canceled) 

27. (canceled) 

28. (canceled) 



1 29. (original) A computer readable medium encoded with computer program 

2 code, wherein, when the code is executed by a processor, the processor performs a 

3 method for controlling mobile access, comprising the steps of: 

4 filtering incoming packets based on a media access control address of each 

5 packet; 
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6 obtaining user profile data of a mobile IP node from a home authentication, 

7 authorization and accounting (AAA) server of a mobile IP node, to determine whether 

8 the mobile IP node is registered to access a network by way of a gateway; 

9 performing multi-layer filtering based on the user profile data; 

10 transferring a session from a first network to a second network in which the 

1 1 mobile IP node is located without session interruption when the mobile node moves to 

12 the second network; and 

13 providing Internet access to the mobile IP node without passing Internet data 

14 requested by the mobile LP node through a network in which the home AAA server is 

15 located. 

1 30. (canceled) 
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